Go to All Forums

[Updated] Terminating support for earlier TLS versions by September 30, 2020

Greetings,

Site24x7 is ending support for earlier Transport Layer Security (TLS) versions 1.0 and 1.1 due to security reasons. 

What is TLS?

TLS is a secure way of client-server data communication. The TLS protocol protects the confidentiality and integrity of the information passed between two systems. Since the earlier versions of TLS - TLS 1.0 and 1.1, pose security issues, we are completely migrating to TLS 1.2

How are you affected?

If your browsers, application programming environments, and Site24x7 agents do not support TLS 1.2, you will face problems with data collection and viewing the same. 

You can safely ignore if your browsers, programming environments, and Site24x7 agents are updated to the latest TLS version (TLS 1.2).

What should you do?

You should update to the latest TLS version and Site24x7 agents that supports TLS 1.2. The following table enlists the corresponding versions that support TLS 1.2

Browser versions 

Google Chrome - Version 30 & above
Mozilla Firefox - Version 27 & above
Safari - Version 7 & above
Internet Explorer - Version 11 & above

Check if your browser is compatible with TLS 1.2 

 

Programming Environments
  • Java 6 - Update 111 or later
  • Java 7u25
  • OpenSSL 0.9.8ay
  • .NET 4.5
APM Insight agent versions
On-Premise Poller Version 3.1.6 & above
Server Monitoring For the Windows Server Monitoring agent, TLS 1.2 is disabled by default for Windows Server 2008. To enable it, please  apply the hotfix mentioned in this article . To enable TLS 1.2 for Windows Server 2012, 2008 R2, and 7,  apply this hotfix
Real Browser monitoring For web transaction recorders and Site24x7 Desk apps, the latest version compatible with TLS 1.2 is displayed on the login screen - kindly download the same. 
API's To communicate via API's, ensure that your browsers, programming environments, and OS are compatible with TLS 1.2

In case of any questions or concerns, kindly drop a word to [email protected]

Like (2) Reply
Replies (12)

Hello,

You guys should implement your own library instead of depending on the library provided by operating system. We have to discontinue site24x7 since we are using Server 2003 R2 in production. Chrome and Firefox browsers support TLS 1.1 and 1.2 when running on older Windows systems as well. 

 

Reference:

serverfault.com/questions/793280/does-windows-2003-support-tls-1-1-and-1-2/793281

Like (0) Reply

If you run windows 2003 in production you are 15 year outdated with much more security issues than TLS

 

Like (0) Reply

Can still ping them from a remote poller - or maybe install the SNMP service and monitor them that way

Like (0) Reply

We are still seeing an alert - 

Looks like you are using an older version of TLS in your servers. www.site24x7.com/community/terminating-support-for-earlier-tls-versions-for-security-reasons to upgrade to TLS version 1.2. 

Want to know which servers use the old TLS version? Check now!

"Check now" is not clickable. I had 2 servers with a warning icon indicating there were running an older version of TLS. They have been updated, but the warning message still persists on the Server Monitors page.

I opened a ticket with support, but the response was "if there are no servers with the warning icon, the TLS update can be considered complete".

If that is the case, how do I remove the TLS warning message on the Server Monitor page?

Like (0) Reply

Did you restart the site24X7 service on the affected servers? 

The message remained on my servers until the service was restarted.

Like (0) Reply

I restarted the server, and I restarted the agent. Verified the patch is there. Still getting the error.

Like (0) Reply

Have you set the required keys in the registry after the patch is installed?

Like (0) Reply


I think that requiring people to do this is ridiculous.  If its going to be a requirement then you are going to have to give more time for this.  Do you know how many companies out there have hundreds of windows boxes and will not have time to get this done?  I am lucky and only have a few.  But it is still a pain to have to do this patch.  And what affect will it have on my apps that run on these servers?  

That said I did find the requirement descriptions for creating this registry key:

support.microsoft.com/en-us/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows.

Again I find it quite ridiculous that this is something we have to do, and not provide some kind of script to do it.

 

Like (0) Reply

Is there a report which shows which server monitors need to be updated?

I can't imagine requiring clients to upgrade if you can't tell us which systems are affected and need to be upgraded.

Like (0) Reply

Hi,

We understand your concern. There is a filter option given in the Site24x7 web client to view servers that are still using an older version of TLS (1.0 and 1.1). To use the filter,

  1. Log in to Site24x7.
  2. Go to Server > Server Monitor > Servers
  3. In the Monitor Status page, click on the filter icon to view servers using TLS versions 1.0 and 1.1
  4. Upgrade the servers using the older version to TLS version 1.2

Hope this helps. Let us know for further queries, if any.

Happy Monitoring!

 

Like (0) Reply

Greetings,

Kindly note that TLS version less than 1.2 will not be supported for the Site24x7 agents after September 30, 2020.

What happens if you are in the lower versions after September 30, 2020?

Agent communication between Site24x7 agents and your applications/servers will not take place and hence there will not be any data collection. In short, you won’t have any monitoring data.

What should you do to mitigate the issue?

Kindly upgrade to the below mentioned Site24x7 agent versions:

If you are using Site24x7

Please note that if you are using the latest agent versions or any agents up and above the mentioned ones, you have nothing to worry about.

In case of any questions or concerns, kindly drop a mail to [email protected]

 

 

Like (0) Reply

Was this post helpful?